US11487892B2 - Financial data secure sharing method, device and system based on cloud server - Google Patents


Info

Publication number
US11487892B2
Authority
US
United States
Prior art keywords
financial data
sharing
cloud server
data
data sharing
Prior art date
Legal status
Active
Application number
US17/729,996
Other languages
English (en)
Other versions
US20220253543A1 (en)
Inventor
Sheng Yang
Haibo Zeng
Ping Yuan
Bicheng Tang
Ying Huang
Current Assignee
Jiaying Technology Co Ltd
Original Assignee
Jiaying Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Jiaying Technology Co Ltd
Publication of US20220253543A1
Application granted
Publication of US11487892B2
Legal status: Active
Anticipated expiration

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/12Accounting
    • G06Q40/125Finance or payroll
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/06Asset management; Financial planning or analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • The present invention relates to a technical field of data processing, and more particularly to a financial data secure sharing method, a device and a system based on a cloud server.
  • Financial data is a statement of accounting data that reflects the capital and profit status of an enterprise or budget unit for a certain period of time. For some unlisted enterprises or budget units that do not need to disclose the financial data, the financial data has a certain degree of confidentiality within a certain period of time, which should be prevented from leaking to the outside world. However, it is also necessary to ensure the sharing of these financial data among relevant personnel, and such sharing must be secure.
  • An object of the present invention is to overcome the deficiencies of the prior art by providing a financial data secure sharing method, a device and a system based on a cloud server, in such a manner that financial data can be shared according to user identity authorities, thereby ensuring the security of the shared financial data.
  • The present invention provides a financial data secure sharing method based on a cloud server, comprising steps of:
  • logging-in with the terminal through the data access sharing interface provided by the cloud server to obtain the financial data sharing authority for the financial data sharing party comprises specific steps of:
  • using the data access sharing gateway to authenticate the identity of the financial data sharing party, so as to log-in to the cloud server with the terminal comprises specific steps of:
  • controlling the terminal to collect a face image of the financial data sharing party based on the data access sharing gateway to perform secondary identity matching authentication, and obtaining a second authenticated identity after the secondary identity matching authentication is passed;
  • controlling the terminal to collect the face image of the financial data sharing party based on the data access sharing gateway to perform the secondary identity matching authentication, and obtaining the second authenticated identity after the secondary identity matching authentication is passed comprise specific steps of:
  • filling-in and uploading the financial data according to the data sharing upload format provided by the cloud server after the financial data sharing party logs-in comprises specific steps of:
  • selecting the encryption method for the unified-format financial data according to the financial data sharing authority or the authentication speed and the authentication scope of the blockchain comprises specific steps of:
  • the optimal value between the authentication speed and the authentication range of the different blockchains is a nonlinear mapping process or a linear mapping process
  • the encryption method is an alliance chain encryption method, a public chain encryption method, or a private chain encryption method.
  • storing the encryption authentication result in the memory of the cloud server based on the preset storage structure comprises specific steps of:
  • storing the binary information in the memory of the cloud server according to the ordered set storage structure to form the storage data chain comprises specific steps of:
  • The present invention also provides a financial data secure sharing device based on a cloud server, comprising:
  • a data uploading module for filling-in and uploading financial data according to a data sharing upload format provided by the cloud server after the financial data sharing party logs-in;
  • a format unification module for performing a unified format conversion on the financial data by the cloud server after receiving the financial data, so as to generate unified-format financial data
  • an encryption selection module for selecting an encryption method for the unified-format financial data according to the financial data sharing authority or an authentication speed and an authentication scope of a blockchain;
  • an encryption authentication module for processing the unified-format financial data with encryption authentication based on the encryption method selected, and obtaining an encryption authentication result
  • a data sharing module for storing the encryption authentication result in a memory of the cloud server based on a preset storage structure, and providing data sharing to a corresponding user through the data access sharing interface.
  • The present invention also provides a financial data secure sharing system based on a cloud server, comprising: the cloud server and multiple user terminals, wherein the multiple user terminals perform data interactive connection based on a data access sharing gateway constructed by the cloud server; the system is configured to execute the above financial data secure sharing method.
  • The financial data can be shared according to the user identity authority.
  • Before the financial data is shared, the data is encrypted with a blockchain technology while stored based on an ordered set storage structure. The data is shared through the data access sharing interface to the corresponding users, thereby ensuring the security of the shared financial data.
  • FIG. 1 is a flowchart of a financial data secure sharing method based on a cloud server according to an embodiment of the present invention.
  • FIG. 2 is a structural diagram of a financial data secure sharing device based on a cloud server according to an embodiment of the present invention.
  • FIG. 3 is a structural diagram of a financial data secure sharing system based on a cloud server according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of a financial data secure sharing method based on a cloud server according to the embodiment 1 of the present invention.
  • a financial data secure sharing method based on a cloud server comprising steps as follows.
  • S11: logging-in with a terminal through a data access sharing interface provided by the cloud server to obtain a financial data sharing authority for a financial data sharing party.
  • logging-in with the terminal through the data access sharing interface provided by the cloud server to obtain the financial data sharing authority for the financial data sharing party comprises specific steps of: constructing a data access sharing gateway by the cloud server based on the data access sharing interface, while generating a data sharing authority center in the cloud server; using the data access sharing gateway to authenticate an identity of the financial data sharing party, so as to log-in to the cloud server with the terminal; and sending an authenticated identity of the financial data sharing party to the data sharing authority center by the cloud server, and assigning a corresponding financial data sharing authority to the financial data sharing party in the data sharing authority center based on the authenticated identity.
  • using the data access sharing gateway to authenticate the identity of the financial data sharing party, so as to log-in to the cloud server with the terminal comprises specific steps of: inputting an identity authentication account and a corresponding authentication password to the cloud server by the financial data sharing party through the data access sharing gateway on the terminal; performing identity matching authentication by the cloud server after receiving the identity authentication account and the corresponding authentication password, and obtaining a first authenticated identity after the identity matching authentication is passed; controlling the terminal to collect a face image of the financial data sharing party based on the data access sharing gateway to perform secondary identity matching authentication, and obtaining a second authenticated identity after the secondary identity matching authentication is passed; and if the first authenticated identity matches with the second authenticated identity, allowing the financial data sharing party to log-in to the cloud server.
  • controlling the terminal to collect the face image of the financial data sharing party based on the data access sharing gateway to perform the secondary identity matching authentication, and obtaining the second authenticated identity after the secondary identity matching authentication is passed comprise specific steps of: controlling a camera device of the terminal by the cloud server to collect the face image of the financial data sharing party based on the data access sharing gateway with authorization given to the terminal by the corresponding user; performing key point feature extraction on the collected face image by the cloud server to obtain key point feature data; and performing the secondary identity matching authentication based on the key point feature data and user face feature data stored in the cloud server, and after the secondary identity matching authentication is passed, obtaining a stored identity of the corresponding user as the second authenticated identity.
  • the financial data sharing party needs to log-in to the cloud server through the terminal and obtain the relevant financial data sharing authority.
  • the cloud server provides the corresponding data access sharing interface, and constructs the data access sharing gateway according to the data access sharing interface, so as to establish a secure interval layer between the cloud server and the terminal through the data access sharing gateway, which ensures security of the cloud server when the terminal accesses the cloud server.
  • the data sharing authority center is built in the cloud server, which is specially used to assign the financial data sharing authority to the user, in such a manner that the financial data sharing party can log-in to the cloud server by authenticating the identity through the data access sharing gateway on the terminal.
  • After the financial data sharing party remotely logs-in to a remote server, the cloud server sends the authenticated identity of the financial data sharing party to the data sharing authorization center, and assigns the corresponding financial data sharing authority to the financial data sharing party in the data sharing authorization center according to the authenticated identity.
  • Different financial data sharing authorities corresponding to different financial data sharing parties with different authenticated identities are stored in the data sharing authorization center.
  • the authenticated identity is used to match with a corresponding authenticated identity in the data sharing authority center, so as to obtain the financial data sharing authority corresponding to the financial data sharing party.
  • a dual authentication method is used for identity authentication, namely the traditional account and password authentication and the biometric authentication.
  • The financial data sharing party inputs the identity authentication account number and the corresponding authentication password to the cloud server through the data access sharing interface on the terminal, and then the cloud server receives the identity authentication account number and the corresponding authentication password for identity matching authentication, so as to obtain the first authenticated identity after the authentication is passed.
  • the terminal is controlled according to the data access sharing gateway to collect the face image of the financial data sharing party for the secondary identity matching authentication, wherein the second authenticated identity is obtained after the authentication is passed. If the first authenticated identity matches with the second authenticated identity, the financial data sharing party is allowed to log-in to the cloud server.
  • the camera device of the terminal is controlled by the cloud server to collect the face image of the financial data sharing party based on the data access sharing gateway with the authorization given to the terminal by the corresponding user.
  • the key point feature extraction is performed on the collected face image by the cloud server, wherein grayscale converting as well as high and low pass filtering are performed before locating the key points, and finally the key point feature extraction is performed according to the located key points to obtain the key point feature data.
  • the secondary identity matching authentication is performed based on the key point feature data and the user face feature data stored in the cloud server. After the secondary identity matching authentication is passed, the stored identity of the corresponding user is used as the second authenticated identity. Through the secondary authentication, the identity security of the financial data sharing party logging-in to the cloud server is effectively guaranteed, which is beneficial to ensure the authenticity and validity of the shared financial data.
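
The dual authentication described above, as an added Python illustration that is not part of the patent: a login succeeds only when the password factor and the face factor resolve to the same stored identity, and the sharing authority is then looked up for that identity. The class and function names, the PBKDF2 password hashing, the cosine-similarity threshold and the sample feature vectors are assumptions of this example.

```python
import hashlib
import hmac
import math
import os

PBKDF2_ROUNDS = 200_000   # illustrative work factor; tune for production
FACE_THRESHOLD = 0.95     # assumed cosine-similarity cutoff, not from the patent


def derive_key(password, salt):
    """Slow, salted password hash so stored verifiers resist offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def cosine(a, b):
    """Cosine similarity between two key point feature vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class SharingGateway:
    """Hypothetical gateway plus authority center, held in memory."""

    def __init__(self):
        self._accounts = {}      # account -> (identity, salt, password verifier)
        self._templates = {}     # identity -> enrolled face feature vector
        self._authorities = {}   # identity -> financial data sharing authorities

    def enroll(self, account, password, identity, template, authorities):
        salt = os.urandom(16)
        self._accounts[account] = (identity, salt, derive_key(password, salt))
        self._templates[identity] = list(template)
        self._authorities[identity] = frozenset(authorities)

    def first_identity(self, account, password):
        """Factor 1: account and password -> first authenticated identity."""
        record = self._accounts.get(account)
        if record is None:
            derive_key(password, b"\x00" * 16)   # same cost for unknown accounts
            return None
        identity, salt, verifier = record
        ok = hmac.compare_digest(derive_key(password, salt), verifier)
        return identity if ok else None

    def second_identity(self, features):
        """Factor 2: best enrolled template above the threshold -> identity."""
        best, best_score = None, FACE_THRESHOLD
        for identity, template in self._templates.items():
            score = cosine(features, template)
            if score >= best_score:
                best, best_score = identity, score
        return best

    def login(self, account, password, features):
        """Grant a session only when both factors resolve to the same identity."""
        first = self.first_identity(account, password)
        if first is None:
            return None                      # stop before the camera step
        second = self.second_identity(features)
        if second is None or second != first:
            return None                      # unknown face, or someone else's face
        return {"identity": first, "authorities": self._authorities[first]}


# Constructed sample data: two enrolled parties and three captured feature vectors.
ALICE_CAPTURE = [0.88, 0.12, 0.31, 0.19]
BOB_CAPTURE = [0.12, 0.79, 0.22, 0.48]
STRANGER_CAPTURE = [0.50, 0.50, 0.50, 0.50]


def demo_gateway():
    gw = SharingGateway()
    gw.enroll("alice@corp.example", "correct horse", "alice",
              [0.9, 0.1, 0.3, 0.2], {"upload:ledger", "view:ledger"})
    gw.enroll("bob@corp.example", "battery staple", "bob",
              [0.1, 0.8, 0.2, 0.5], {"view:ledger"})
    return gw


if __name__ == "__main__":
    gw = demo_gateway()
    print(gw.login("alice@corp.example", "correct horse", ALICE_CAPTURE))
    print(gw.login("alice@corp.example", "correct horse", BOB_CAPTURE))
```

The second call shows why the identities are compared rather than the two factors merely both passing: a valid password for one account combined with a valid face of another enrolled party is rejected.
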
  • filling-in and uploading the financial data according to the data sharing upload format provided by the cloud server after the financial data sharing party logs-in comprises specific steps of: after the financial data sharing party logs-in to the cloud server, pushing the data sharing upload format to the terminal of the financial data sharing party by the cloud server based on the financial data sharing authority of the financial data sharing party; and filling-in and uploading the financial data by the financial data sharing party with the terminal according to the data sharing upload format.
  • the cloud server will push the data sharing upload format to the terminal of the financial data sharing party according to the financial data sharing authority of the financial data sharing party or a selection within the financial data sharing authority of the financial data sharing party. Then the financial data sharing party fills-in and uploads the financial data on the corresponding terminal according to the data sharing upload format.
  • the cloud server after receiving the financial data, performs the unified format conversion on the financial data according to a preset financial data converting rule, so as to generate unified-format financial data.
  • S14: selecting an encryption method for the unified-format financial data according to the financial data sharing authority or an authentication speed and an authentication scope of a blockchain.
  • selecting the encryption method for the unified-format financial data according to the financial data sharing authority or the authentication speed and the authentication scope of the blockchain comprises specific steps of: selecting the encryption method for the unified-format financial data by the financial data sharing party according to the financial data sharing authority; or calculating an optimal value between the authentication speed and the authentication range of different blockchains based on a preset algorithm, and selecting the encryption method for the unified format financial data based on the optimal value; wherein the optimal value between the authentication speed and the authentication range of the different blockchains is a nonlinear mapping process or a linear mapping process; the encryption method is an alliance chain encryption method, a public chain encryption method, or a private chain encryption method.
  • The financial data sharing party can select the encryption method for the unified-format financial data within the financial data sharing authority.
  • the optimal value between the authentication speed and the authentication range of the different blockchains can be calculated based on the preset algorithm, so as to select the encryption method for the unified format financial data based on the optimal value.
  • the optimal value between the authentication speed and the authentication range of the different blockchains is calculated with the preset algorithm mainly according to the size of the financial data to be shared and the security level of the financial data (the security level is determined by the financial data sharing party).
  • the optimal value between the authentication speed and the authentication range of the different blockchains is the nonlinear mapping process or the linear mapping process; the encryption method is the alliance chain encryption method, the public chain encryption method, or the private chain encryption method.
  • If the alliance chain encryption method is selected, the unified-format financial data is processed with the encryption authentication based on the alliance chain encryption method, and an alliance chain encryption authentication result is recorded.
  • If the public chain encryption method is selected, the unified-format financial data is processed with the encryption authentication based on the public chain encryption method, and a public chain encryption authentication result is recorded.
  • If the private chain encryption method is selected, the unified-format financial data is processed with the encryption authentication based on the private chain encryption method, and a private chain encryption authentication result is recorded. Finally, the encryption authentication result is obtained.
  • storing the encryption authentication result in the memory of the cloud server based on the preset storage structure comprises specific steps of: converting the encryption authentication result into binary information, and storing the binary information in the memory of the cloud server according to an ordered set storage structure to form a storage data chain.
  • storing the binary information in the memory of the cloud server according to the ordered set storage structure to form the storage data chain comprises specific steps of: while storing the binary information in the memory of the cloud server according to the ordered set storage structure, obtaining corresponding elements of the binary information; binding each of the corresponding elements with a unique score; and storing ordered set serial numbers based on the unique scores, and converting the binary information into the storage data chain.
  • the encryption authentication result needs to be converted into the binary information, and then the binary information is stored in the cloud server with the ordered set storage structure, which forms the storage data chain.
  • The ordered set storage structure is the zset (ordered set) in Redis, a key-value storage system (database).
  • The zset is a sortable set. Inside the zset, each element has a unique score bound to it, which means the binary information can be stored to form the storage data chain.
  • the encryption authentication result should be converted into the binary information for storage, then the binary information is stored in the memory of the cloud server according to the ordered set storage structure, and the elements corresponding to the binary information are obtained. Inside the ordered set in the memory, each element is bound with the unique score. When it is first queried by the user, the corresponding element can be queried through the unique score. The ordered set serial numbers are stored based on the unique scores, and then the binary information is converted into the storage data chain. Finally, data can be shared to the corresponding user through the data access sharing interface, and the user needs to log-in to the cloud server to view the financial data.
  • the login method is the same as that of the financial data sharing party, and the corresponding financial data sharing authority should also be assigned through the data sharing authority center. The financial data that can be viewed is within the financial data sharing authority of the corresponding user.
  • The financial data can be shared according to the user identity authority.
  • Before the financial data is shared, the data is encrypted with a blockchain technology while stored based on an ordered set storage structure. The data is shared through the data access sharing interface to the corresponding users, thereby ensuring the security of the shared financial data.
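
The ordered set storage and authority-limited sharing described for this embodiment, as an added Python sketch that is not part of the patent. It uses an in-memory stand-in for a Redis sorted set so it runs without a server. Redis keeps members unique but does not require scores to be unique, so the one-score-per-element binding the text relies on is enforced here by the store itself; the class, method and authority names and the sample records are assumptions.

```python
import bisect

MAX_EXACT_SCORE = 2 ** 53   # Redis scores are doubles; integers are exact below this


class OrderedSetStore:
    """In-memory stand-in for a Redis sorted set holding binary records."""

    def __init__(self):
        self._scores = []     # scores in ascending order (the serial numbers)
        self._by_score = {}   # score -> (binary record, authority needed to view it)
        self._members = {}    # binary record -> score; members are unique, as in a zset
        self._next = 1

    def add(self, record, authority, score=None):
        """Bind a record to a unique score, like ZADD with NX; returns the score."""
        if not isinstance(record, (bytes, bytearray)):
            raise TypeError("record must be binary information")
        record = bytes(record)
        if record in self._members:
            return self._members[record]          # existing member keeps its score
        if score is None:
            score = self._next
        if not isinstance(score, int) or not 0 < score < MAX_EXACT_SCORE:
            raise ValueError("score must be a positive integer below 2**53")
        if score in self._by_score:
            raise ValueError("score %d is already bound to another record" % score)
        bisect.insort(self._scores, score)
        self._by_score[score] = (record, authority)
        self._members[record] = score
        self._next = max(self._next, score + 1)
        return score

    def get(self, score):
        """Look a record up through its unique score."""
        entry = self._by_score.get(score)
        return entry[0] if entry else None

    def range_by_score(self, low, high):
        """Records with low <= score <= high, in score order (cf. ZRANGEBYSCORE)."""
        i = bisect.bisect_left(self._scores, low)
        j = bisect.bisect_right(self._scores, high)
        return [(s, self._by_score[s][0]) for s in self._scores[i:j]]

    def shared_view(self, authorities):
        """The storage data chain restricted to what these authorities may view."""
        return [(s, self._by_score[s][0]) for s in self._scores
                if self._by_score[s][1] in authorities]


# Constructed stand-ins for encryption authentication results in binary form.
Q1_LEDGER = bytes.fromhex("a1b2c3d4")
Q1_PAYROLL = bytes.fromhex("0badc0de")
Q2_LEDGER = bytes.fromhex("feedface")


def demo_store():
    store = OrderedSetStore()
    store.add(Q1_LEDGER, "view:ledger")      # score 1
    store.add(Q1_PAYROLL, "view:payroll")    # score 2
    store.add(Q2_LEDGER, "view:ledger")      # score 3
    return store


if __name__ == "__main__":
    store = demo_store()
    print(store.get(2))
    print(store.shared_view({"view:ledger"}))
```
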
  • FIG. 2 is a structural diagram of a financial data secure sharing device based on a cloud server according to the embodiment 2 of the present invention
  • a financial data secure sharing device based on a cloud server comprising the following modules.
  • logging-in with the terminal through the data access sharing interface provided by the cloud server to obtain the financial data sharing authority for the financial data sharing party comprises specific steps of: constructing a data access sharing gateway by the cloud server based on the data access sharing interface, while generating a data sharing authority center in the cloud server; using the data access sharing gateway to authenticate an identity of the financial data sharing party, so as to log-in to the cloud server with the terminal; and sending an authenticated identity of the financial data sharing party to the data sharing authority center by the cloud server, and assigning a corresponding financial data sharing authority to the financial data sharing party in the data sharing authority center based on the authenticated identity.
  • using the data access sharing gateway to authenticate the identity of the financial data sharing party, so as to log-in to the cloud server with the terminal comprises specific steps of: inputting an identity authentication account and a corresponding authentication password to the cloud server by the financial data sharing party through the data access sharing gateway on the terminal; performing identity matching authentication by the cloud server after receiving the identity authentication account and the corresponding authentication password, and obtaining a first authenticated identity after the identity matching authentication is passed; controlling the terminal to collect a face image of the financial data sharing party based on the data access sharing gateway to perform secondary identity matching authentication, and obtaining a second authenticated identity after the secondary identity matching authentication is passed; and if the first authenticated identity matches with the second authenticated identity, allowing the financial data sharing party to log-in to the cloud server.
  • controlling the terminal to collect the face image of the financial data sharing party based on the data access sharing gateway to perform the secondary identity matching authentication, and obtaining the second authenticated identity after the secondary identity matching authentication is passed comprise specific steps of: controlling a camera device of the terminal by the cloud server to collect the face image of the financial data sharing party based on the data access sharing gateway with authorization given to the terminal by the corresponding user; performing key point feature extraction on the collected face image by the cloud server to obtain key point feature data; and performing the secondary identity matching authentication based on the key point feature data and user face feature data stored in the cloud server, and after the secondary identity matching authentication is passed, obtaining a stored identity of the corresponding user as the second authenticated identity.
  • the financial data sharing party needs to log-in to the cloud server through the terminal and obtain the relevant financial data sharing authority.
  • the cloud server provides the corresponding data access sharing interface, and constructs the data access sharing gateway according to the data access sharing interface, so as to establish a secure interval layer between the cloud server and the terminal through the data access sharing gateway, which ensures security of the cloud server when the terminal accesses the cloud server.
  • the data sharing authority center is built in the cloud server, which is specially used to assign the financial data sharing authority to the user, in such a manner that the financial data sharing party can log-in to the cloud server by authenticating the identity through the data access sharing gateway on the terminal.
  • After the financial data sharing party remotely logs-in to a remote server, the cloud server sends the authenticated identity of the financial data sharing party to the data sharing authorization center, and assigns the corresponding financial data sharing authority to the financial data sharing party in the data sharing authorization center according to the authenticated identity.
  • Different financial data sharing authorities corresponding to different financial data sharing parties with different authenticated identities are stored in the data sharing authorization center.
  • the authenticated identity is used to match with a corresponding authenticated identity in the data sharing authority center, so as to obtain the financial data sharing authority corresponding to the financial data sharing party.
  • a dual authentication method is used for identity authentication, namely the traditional account and password authentication and the biometric authentication.
  • the financial data sharing party inputs the identity authentication account number and the corresponding authentication password to the cloud server through the data access sharing interface on the terminal, and then the cloud server receives the identity authentication account number and the corresponding authentication password for identity matching authentication, so as to obtain the first authenticated identity after the authentication is passed.
  • the terminal is controlled according to the data access sharing gateway to collect the face image of the financial data sharing party for the secondary identity matching authentication, wherein the second authenticated identity is obtained after the authentication is passed. If the first authenticated identity matches with the second authenticated identity, the financial data sharing party is allowed to log-in to the cloud server.
  • the camera device of the terminal is controlled by the cloud server to collect the face image of the financial data sharing party based on the data access sharing gateway with the authorization given to the terminal by the corresponding user.
  • the key point feature extraction is performed on the collected face image by the cloud server, wherein grayscale converting as well as high and low pass filtering are performed before locating the key points, and finally the key point feature extraction is performed according to the located key points to obtain the key point feature data.
  • the secondary identity matching authentication is performed based on the key point feature data and the user face feature data stored in the cloud server. After the secondary identity matching authentication is passed, the stored identity of the corresponding user is used as the second authenticated identity. Through the secondary authentication, the identity security of the financial data sharing party logging-in to the cloud server is effectively guaranteed, which is beneficial to ensure the authenticity and validity of the shared financial data.
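The dual authentication described above can be sketched as follows. This is an added example, not code from the patent: the user records, the feature vectors, the cosine-similarity matcher, the 0.95 threshold and PBKDF2 as the password hash are all assumptions, and key point feature extraction from a real image is out of scope.

```python
import hashlib
import hmac
import math
import os

FACE_THRESHOLD = 0.95  # assumed cosine-similarity cut-off

def hash_password(password, salt):
    # Salted, iterated hash so stored verifiers are costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(password, face_template):
    salt = os.urandom(16)
    return {"salt": salt, "pw": hash_password(password, salt), "face": face_template}

# Constructed enrolment data: account -> password verifier and face template.
USERS = {
    "alice": enroll("correct horse", [0.9, 0.1, 0.3, 0.2]),
    "bob": enroll("battery staple", [0.1, 0.8, 0.2, 0.6]),
}

def cosine(a, b):
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0

def first_identity(account, password):
    """Account/password step: return the authenticated identity or None."""
    rec = USERS.get(account)
    # Hash even for unknown accounts so timing does not reveal which exist.
    salt = rec["salt"] if rec else b"\x00" * 16
    candidate = hash_password(password, salt)
    if rec and hmac.compare_digest(candidate, rec["pw"]):
        return account
    return None

def second_identity(features):
    """Face step: match against every stored template and return the stored
    identity of the best match at or above the threshold, else None."""
    best, best_score = None, FACE_THRESHOLD
    for account, rec in USERS.items():
        score = cosine(features, rec["face"])
        if score >= best_score:
            best, best_score = account, score
    return best

def login(account, password, features):
    """Allow login only when both steps pass and name the same identity."""
    first = first_identity(account, password)
    second = second_identity(features)
    return first is not None and first == second
```

The final comparison is what stops one user's password from being combined with another enrolled user's face: each factor passing on its own is not sufficient.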
  • a data uploading module 22 for filling-in and uploading financial data according to a data sharing upload format provided by the cloud server after the financial data sharing party logs-in.
  • filling-in and uploading the financial data according to the data sharing upload format provided by the cloud server after the financial data sharing party logs-in comprises specific steps of: after the financial data sharing party logs-in to the cloud server, pushing the data sharing upload format to the terminal of the financial data sharing party by the cloud server based on the financial data sharing authority of the financial data sharing party; and filling-in and uploading the financial data by the financial data sharing party with the terminal according to the data sharing upload format.
  • the cloud server will push the data sharing upload format to the terminal of the financial data sharing party according to the financial data sharing authority of the financial data sharing party or a selection within the financial data sharing authority of the financial data sharing party. Then the financial data sharing party fills-in and uploads the financial data on the corresponding terminal according to the data sharing upload format.
  • a format unification module 23 for performing a unified format conversion on the financial data by the cloud server after receiving the financial data, so as to generate unified-format financial data.
  • the cloud server after receiving the financial data, performs the unified format conversion on the financial data according to a preset financial data converting rule, so as to generate unified-format financial data.
  • An encryption selection module 24 for selecting an encryption method for the unified-format financial data according to the financial data sharing authority or an authentication speed and an authentication scope of a blockchain.
  • selecting the encryption method for the unified-format financial data according to the financial data sharing authority or the authentication speed and the authentication scope of the blockchain comprises specific steps of: selecting the encryption method for the unified-format financial data by the financial data sharing party according to the financial data sharing authority; or calculating an optimal value between the authentication speed and the authentication range of different blockchains based on a preset algorithm, and selecting the encryption method for the unified format financial data based on the optimal value; wherein the optimal value between the authentication speed and the authentication range of the different blockchains is a nonlinear mapping process or a linear mapping process; the encryption method is an alliance chain encryption method, a public chain encryption method, or a private chain encryption method.
  • the financial data sharing party can select the encryption method for the unified-format financial data within the financial data sharing authority.
  • the optimal value between the authentication speed and the authentication range of the different blockchains can be calculated based on the preset algorithm, so as to select the encryption method for the unified format financial data based on the optimal value.
  • the optimal value between the authentication speed and the authentication range of the different blockchains is calculated with the preset algorithm mainly according to the size of the financial data to be shared and the security level of the financial data (the security level is determined by the financial data sharing party).
  • the optimal value between the authentication speed and the authentication range of the different blockchains is the nonlinear mapping process or the linear mapping process; the encryption method is the alliance chain encryption method, the public chain encryption method, or the private chain encryption method.
  • An encryption authentication module 25 for processing the unified-format financial data with encryption authentication based on the encryption method selected, and obtaining an encryption authentication result.
  • the unified-format financial data is processed with the encryption authentication based on the alliance chain encryption method, and an alliance chain encryption authentication result is recorded.
  • If the public chain encryption method is selected, the unified-format financial data is processed with the encryption authentication based on the public chain encryption method, and a public chain encryption authentication result is recorded.
  • If the private chain encryption method is selected, the unified-format financial data is processed with the encryption authentication based on the private chain encryption method, and a private chain encryption authentication result is recorded. Finally, the encryption authentication result is obtained.
  • a data sharing module 26 for storing the encryption authentication result in a memory of the cloud server based on a preset storage structure, and providing data sharing to a corresponding user through the data access sharing interface.
  • storing the encryption authentication result in the memory of the cloud server based on the preset storage structure comprises specific steps of: converting the encryption authentication result into binary information, and storing the binary information in the memory of the cloud server according to an ordered set storage structure to form a storage data chain.
  • storing the binary information in the memory of the cloud server according to the ordered set storage structure to form the storage data chain comprises specific steps of: while storing the binary information in the memory of the cloud server according to the ordered set storage structure, obtaining corresponding elements of the binary information; binding each of the corresponding elements with a unique score; and storing ordered set serial numbers based on the unique scores, and converting the binary information into the storage data chain.
  • the encryption authentication result needs to be converted into the binary information, and then the binary information is stored in the cloud server with the ordered set storage structure, which forms the storage data chain.
  • the ordered set storage structure is the zset (ordered set) in Redis (a key-value storage system (database)).
  • the zset is a sortable set. Inside the zset, each element has a unique score bound to it, which means the binary information can be stored to form the storage data chain.
  • the encryption authentication result should be converted into the binary information for storage, then the binary information is stored in the memory of the cloud server according to the ordered set storage structure, and the elements corresponding to the binary information are obtained. Inside the ordered set in the memory, each element is bound with the unique score. When it is first queried by the user, the corresponding element can be queried through the unique score. The ordered set serial numbers are stored based on the unique scores, and then the binary information is converted into the storage data chain. Finally, data can be shared to the corresponding user through the data access sharing interface, and the user needs to log-in to the cloud server to view the financial data.
  • the login method is the same as that of the financial data sharing party, and the corresponding financial data sharing authority should also be assigned through the data sharing authority center. The financial data that can be viewed is within the financial data sharing authority of the corresponding user.
  • the financial data can be shared according to the user identity authority.
  • Before the financial data is shared, the data is encrypted with a blockchain technology while stored based on an ordered set storage structure. The data is shared through the data access sharing interface to the corresponding users, thereby ensuring the security of the shared financial data.
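The ordered-set storage step described above, as an added example that is not code from the patent. It is an in-memory stand-in for one Redis sorted set so that it runs without a server (against Redis the corresponding commands are ZADD with NX and ZRANGEBYSCORE); the class name, the JSON serialization and the sample records are assumptions. Redis keeps members unique but not scores, so the writer has to allocate the unique scores itself, done here with a monotonic counter.

```python
import bisect
import json

class StorageDataChain:
    """Stand-in for a single sorted-set key holding the storage data chain."""

    def __init__(self):
        self._scores = []     # sorted serial numbers (the scores)
        self._by_score = {}   # score -> binary element
        self._members = {}    # binary element -> score (members are unique)
        self._next = 1        # monotonic counter that keeps scores unique

    def append(self, result):
        """Convert a result to binary, bind it to a fresh score, store it."""
        element = json.dumps(result, sort_keys=True).encode("utf-8")
        if element in self._members:
            # Same behaviour as ZADD NX: an existing member keeps its score.
            return self._members[element]
        score = self._next
        self._next += 1
        bisect.insort(self._scores, score)
        self._by_score[score] = element
        self._members[element] = score
        return score

    def get(self, score):
        """Look up one element through its unique score."""
        return self._by_score.get(score)

    def range_by_score(self, low, high):
        """Return (score, element) pairs with low <= score <= high, in order."""
        i = bisect.bisect_left(self._scores, low)
        j = bisect.bisect_right(self._scores, high)
        return [(s, self._by_score[s]) for s in self._scores[i:j]]

def decode(element):
    return json.loads(element.decode("utf-8"))

# Constructed sample encryption authentication results.
SAMPLE_RESULTS = [
    {"method": "alliance chain", "result": "constructed-1"},
    {"method": "public chain", "result": "constructed-2"},
    {"method": "private chain", "result": "constructed-3"},
]

def build_sample_chain():
    chain = StorageDataChain()
    scores = [chain.append(r) for r in SAMPLE_RESULTS]
    return chain, scores
```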
  • FIG. 3 is a structural diagram of a financial data secure sharing system based on a cloud server according to the embodiment 3 of the present invention.
  • a financial data secure sharing system based on a cloud server comprising: the cloud server 31 and multiple user terminals 32 , wherein the multiple user terminals 32 perform data interactive connection based on a data access sharing gateway constructed by the cloud server 31 ; the system is configured to execute the above financial data secure sharing method.
  • the financial data can be shared according to the user identity authority.
  • Before the financial data is shared, the data is encrypted with a blockchain technology while stored based on an ordered set storage structure. The data is shared through the data access sharing interface to the corresponding users, thereby ensuring the security of the shared financial data.

US17/729,996 2021-11-02 2022-04-26 Financial data secure sharing method, device and system based on cloud server Active US11487892B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111285562.1A CN113722695B (zh) 2021-11-02 2021-11-02 Financial data secure sharing method, device and system based on cloud server
CN202111285562.1 2021-11-02

Publications (2)

Publication Number Publication Date
US20220253543A1 US20220253543A1 (en) 2022-08-11
US11487892B2 true US11487892B2 (en) 2022-11-01

Family

ID=78686385

Family Applications (1)

Application Number Title Priority Date Filing Date
US17/729,996 Active US11487892B2 (en) 2021-11-02 2022-04-26 Financial data secure sharing method, device and system based on cloud server

Country Status (2)

Country Link
US (1) US11487892B2 (zh)
CN (1) CN113722695B (zh)

Also Published As

Publication number Publication date
CN113722695B (zh) 2022-02-08
CN113722695A (zh) 2021-11-30
US20220253543A1 (en) 2022-08-11

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE